Method used to configure the L2TP VPN on the USG6300

L2TP is configured on both the LAC side and the LNS side.
The L2TP configuration on the LAC side is as follows:
1. Enable L2TP.
2. Create the VT interface and access the VT interface view.
interface virtual-template virtual-template-number
3. Configure the PPP authentication mode.
ppp authentication-mode chap [ pap ] [ eap ], ppp authentication-mode pap [ eap ], or ppp authentication-mode eap
4. Bind the interface with the VT interface.
interface interface-type interface-number
pppoe-server bind virtual-template virtual-template-number
5. Add the VT interface to the security zone.
The VT interface can be added to any security zone.

When configuring the inter-zone relationship, to ensure that dial-up users can access the network normally, configure packet filtering between the security zone where the physical interface of the NGFW that receives and sends L2TP tunnel packets resides and the Local security zone.
6. Create the L2TP group and access the L2TP group view.
l2tp-group group-name

7. Specify the trigger conditions for originating calls when the local end serves as the L2TP LAC.
Access based on domain names (sets the trigger condition to domain names): start l2tp { lns-domain domain-name | ip ip-address &<1-5> } domain domain-name [ vpn-instance vpn-instance-name ]
Access based on full names: start l2tp { lns-domain domain-name | ip ip-address &<1-5> } fullusername user-name [ vpn-instance vpn-instance-name ]

The L2TP configuration on the LNS side is as follows:
1. Enable L2TP.
l2tp enable
2. Create the VT interface and access the VT interface view.
interface virtual-template virtual-template-number
3. Configure the local IP address.
ip address ip-address { mask | mask-length } [ sub ]
4. Configure the PPP authentication mode.
ppp authentication-mode { chap | eap | pap } *
5. Configure the address allocated to the peer end or a service plan for allocating an address for the peer end.
remote { address ip-address | service-scheme service-scheme }
6. Create the L2TP group, and access the L2TP group view.
l2tp-group group-name
7. Configure the name of the peer end and the virtual interface template to use.
allow l2tp virtual-template virtual-template-number [ remote remote-name ] [ domain domain-name ] [ vpn-instance vpn-instance-name ]
8. Configure the name of the local end of the tunnel.
tunnel name tunnel-name
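
The LNS-side steps above, entered in order with sample values, as an added example that is not part of the original page. The VT interface number, IP addresses, group name, remote name and tunnel name are constructed; system-view and quit are the standard commands for entering the system view and leaving a view, and lines starting with # are annotations only.

```text
# Constructed sample values (assumptions, not from the original page):
#   VT interface 1, local address 10.1.1.1/24, peer address 10.1.1.2,
#   L2TP group "lns1", LAC tunnel name "lac1", local tunnel name "lns"
system-view
# Step 1: enable L2TP
l2tp enable
# Steps 2-5: VT interface, local address, PPP authentication, peer address
interface virtual-template 1
 ip address 10.1.1.1 24
 ppp authentication-mode chap
 remote address 10.1.1.2
 quit
# Steps 6-8: L2TP group, accepted peer and VT binding, local tunnel name
l2tp-group lns1
 allow l2tp virtual-template 1 remote lac1
 tunnel name lns
 quit
```

The remote name in the allow l2tp command has to match the tunnel name configured on the LAC for the LNS to accept the tunnel from that peer.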
